ISPConfig kills system user?

I thing I have found a litte bug in ISPConfig 2.3.12 (yes, I know it isn't
the latest, but I havn't seen this in the changelog):

If a reseller add a new (email-) user, ISPConfig doesn't seem to check if
this name already exists as an systemuser in /etc/passwd.

I had for example a user "martin" with UID 1000, ISPConfig uses UID's > 10000. A reseller had add an email-user "martin" which was added with UID 10318 and my old "martin" was deleted in the /etc/passwd.

Haven't checked yet if you also can delete such users as "uucp", "www-data" or even "root" this way.

Oops, I have forgoten about the blacklist.
Hmm, strange the user "martin" isn't in there but he was definitely on the system before ISPConfig was installed, because it was the one user-account Debian always ask you to generate during the install (and therefor got UID 1000).